Is your biometric data safe? Alex Kot School of Electrical & Electronic Engineering Nanyang Technological University Singapore
Biometrics in daily life Biometrics Images are downloaded from the internet
Biometrics in daily life Advantages: • Provides uniqueness • Can not be lost • Can not be forgotten • Much harder to fool… CAGR: Compound Annual Growth Rate http://www.acuity-mi.com/FOB_Report.php
Threats to biometric templates A fingerprint database • Cannot be updated and reissued • Can be utilized to gain false identity • May leak some private information of the user Tom loses his fingerprint forever! Applications associated with Tom’s fingerprint Stolen A fake finger The images of this figure are from Maltoniet al., Handbook of fingerprint Recognition, 2009 Once a biometric template is stolen: … … … …
Existing techniques • Template encryption • Cancelable biometric generation • Biometric key generation • Biometric data hiding
Template encryption • Decryption is required before template matching • The decrypted template is vulnerable Key Key Encryption Decryption Original Template Encrypted Template Original Template Enrollment Authentication
Cancelable biometric generation • Non-invertible transform: Rathaet al., PAMI, 2007 Key Many to one mapping function Original minutiae template Cancelable minutiae template The images of this figure are from Rathaet al., PAMI, 2007 • Matching can be performed in the transformed domain. But the non-invertible transform will usually lead to a accuracy reduction
Cancelable biometric generation • Biohasing: Teohet al., Pattern Recogn., 2004 Orthogonal pseudo-random matrix generated from the token Extracted features Binarization The images of this figure are from Teohet al., Pattern Recogn., 2004 Biohash: 0111… • Very high accuracy under the assumption that the token is never stolen or shared. Once the token is stolen or shared, there will be a significant reduction in the accuracy.
Biometric key generation • Fuzzy commitment: Tuylset al., AVBPA, 2005 T 10111… T' 10111… CodewordC 01011… Key CodewordC 01011… Error correction Key Enrollment Authentication • Require the template to be aligned and ordered. Can not be applied for point set based features such as minutiae points
Biometric key generation • Fuzzy fault: Nandakumaret al. TIFS, 2007 Polynomial transformation Key Chaff points addition The images of this figure are from Nandakumaret al. TIFS, 2007 Enrollment Vault
Biometric key generation Vault • Fuzzy fault: Nandakumaret al. TIFS, 2007 Filtering Polynomial reconstruction Polynomial p Key Authentication The images of this figure are from Nandakumaret al. TIFS, 2007 • Able to handle point set based features. However, it requires a specific matcher, which may lead to a degradation in accuracy.
Biometric data hiding Fingerprint with hidden data • Jain and Uludag, PAMI, 2003 Data extraction Face matching Data embedding Yes/No Fingerprint matching Yes/No Enrollment Authentication The images of this figure are from Jain and Uludag, PAMI, 2003 • The eign-face coefficients are hidden in a grayscale fingerprint so as to enhance the authenticity of the fingerprint • The fingerprint matching accuracy is slightly reduce due to the data hiding
Biometric data hiding • Data hiding technique are also applied to • Statistic signature (grayscale image)Maioraraet al., BSYM, 2007. • Color face image (color image)Vatsaet al., IMAGE VISION COMPUT., 2009. • Electronic ink (sample sequence) Cao and Kot., TIFS, 2010 • Palmprint Competitive Code, Kong et al., Pattern Recogn., 2008. • DNA, Shimanovsky, et al., IH, 2002
Full fingerprint reconstruction and its privacy concerns • The minutiae template is commonly stored in a database for fingerprint recognition. • A fingerprint can be reconstructed from the minutiae. • Manufacturing a fake finger • Submitting to the communication channel • It is necessary to examine to what extreme a reconstructed fingerprint can be similar to the original fingerprint. • Prompt the research of countermeasures against the attacks due to reconstructed fingerprint • Useful when the original fingerprint is not available or of low quality. E.g., the template interoperability problem, the latent fingerprint restoration problem.
Full fingerprint reconstruction and its privacy concerns • The existing works: • Hill, Master’s thesis, 2001 heuristically draws a partial skeleton from the minutiae points • Ross et al., PAMI, 2007. reconstruct a fingerprint from minutiae points by using stream lines. • Cappelliet al., PAMI, 2007.iteratively grow the ridges from an initial image which records the minutiae local pattern. • Fenget al., PAMI, 2010. adopt the AM-FM fingerprint model for the fingerprint reconstruction. • Our proposed scheme: • Fewer artifacts and fewer spurious minutiae • Good match against the original fingerprint and different impressions of the original fingerprint • Application for fingerprint ridge frequency protection
The AM-FM fingerprint model • Larkin and Fletcher, Optics Express, 2007 Cos(ψ) Original fingerprint I Hologram phase ψ = Ou+/2
The AM-FM fingerprint model Spiral phase: ψs calculated from the spirals ψ Continuous phase: ψc = ψ ψs Ou
The proposed method The proposed fingerprint reconstruction scheme
1. Orientation estimation • Existing fingerprint orientation models for global fingerprint representation, e.g., Zhou et al., TIP, 2004., Yang et al., PAMI, 2011. • Some specifically designed algorithms, e.g., Ross et al., PAMI, 2007., Fenget al., PAMI, 2011 A set of minutiae points Region of interest Estimated orientation The orientation estimation scheme proposed by Fenget al. PAMI, 2010.
2. Binary ridge pattern generation The orientation A predefined frequency An initial image Gabor Filtering,Cappelliet al., ICPR, 2000
3. Continuous phase reconstruction I(x,y)−a(x,y) Enhanced ridge pattern Spirals detection and removal = Ou+/2 The reconstructed continuous phase: ψc The phase image ψ Unwrapped orientation
The proposed orientation unwrapping algorithm Estimated orientation Unwrappedorientation Horizontallyunwrapped orientation 2 1 Discontinuity Segments Processing from top to bottom Processing row by row from left to right 2 1
4. Continuous phase and spiral phase combination ψf = ψc + ψs Computed from the minutiae points Examples of reconstructed phase images
An example in the case that we adopt the branch cut based orientation unwrapping for continuous phase reconstruction
5. Reconstructed phase image refinement • For the reconstructed phase image with two Discontinuity Segments ψf A different form of the reconstructed phase image The refined phase image Ou
6. Real-look alike fingerprint creation Refined phase image Thinned version Ideal fingerprint Real-look alike fingerprint
Experimental results • Evaluation databases: FVC2002 DB1_A and FVC2002 DB2_A. Each database contains 800grayscale fingerprint images from 100 fingers with 8impressionsper finger. • Algorithms for minutiae extraction and matching: The VeriFinger 6.3 • Fingerprint images are reconstructed from all 800 minutiae templates (of each database) using our proposed technique and the-state-of-the-art method proposed by Fenget al.. • We create our reconstructed fingerprint without the step of real-look alike fingerprint creation for a fairly comparison with Feng’s work.
Experimental results • Two types of matches: • The type-A match: the reconstructed fingerprint is matched against the original fingerprint. In total 800 type-A matches for each database. • The type-B match: the reconstructed fingerprint is matched against the different impressions of the original fingerprint. In total 800x7=5600 type-B matches for each database.
Comparison results on FVC2002 DB1_A Type-A match Type-B match
Comparison results on FVC2002 DB2_A Type-A match Type-B match
A visual comparison A reconstructed fingerprint from the proposed method The corresponding reconstructed fingerprint from Feng et al.’s method
Generation of fingerprints with different frequencies A generated fingerprint with f=0.11 A generated fingerprint with f=0.15 The original fingerprint A generated fingerprint is reconstructed from both the minutiae and the original orientation
The performance evaluation • The first impressions of the 100 fingers in FVC2002 DB1_A are considered to be stored in the database • The other seven impressions of each finger are considered to be the full fingerprints (testing fingerprints) during verification. • For each testing fingerprint, we produce two generated fingerprints with f=0.11 and f=0.15. • In total two sets of generated fingerprints with 700 images per set • Each generated fingerprint is matched against the original fingerprint, producing 700 genuine matching scores for each set of generated fingerprints
The performance evaluation FVC2002 DB1_A FVC2002 DB2_A
Remarks • Losing one’s minutiae template means a high chance of losing his fingerprint • Over 99% of Successful Type-A Match Rate at FAR of 0.01% • Over 85% of Successful Type-B Match Rate at FAR of 0.01% • The fingerprint reconstruction technique can be adopted for protecting the privacy of the fingerprint • The ridge frequency of the fingerprint is protected by using the generated fingerprints • By using our generated fingerprints, the verification accuracy is slightly reduced (within 3% at FAR of 0.01%)
Feature Level Based Fingerprint Combination for Privacy Protection • The weaknesses of most of the existing fingerprint privacy protection techniques • Require the user to carry a token or memorize a key: not convenient, vulnerable when both the token (or key) and the protected fingerprint are stolen • Noticeable in their protected template: hacker maybe interested to crack such protected template • We propose a novel system that is able to protect the privacy of the fingerprint • No key is required • Imperceptible in the protected fingerprint template
The proposed method The proposed fingerprint privacy protection system
Enrollment • Minutiae position extraction • Orientation extraction • Reference points detection • Combined minutiae template generation
Reference points detection • Motivated by the method proposed by Nilsson et al., Pattern Recognition Letters, 2003 A fingerprint Doubled orientation:2 R=z*Tc z=cos(2)+jsin(2) The reference point: (i) with the local maximum response, and (ii) the local maximum response is over a fixed threshold.
Combined minutiae template generation The primary core: the reference point with the maximum response
Core point alignment • is translated and rotated such that the two primary cores are aligned
Minutiae direction assignment Coding strategy 1: The angle of the combined minutiae only depends on the orientation of fingerprint B • For an aligned minutiae position , its angle is assigned as where . The angle assigned to each minutiae point In the fingerprint matching, we will do a modulo for the directions to remove the randomness.
Minutiae direction assignmentCoding strategy 2: The angle the combinedminutiae depends on both the angle of the minutiae of fingerprint A and the orientation of fingerprint B • For an aligned minutiae position , its angle is assigned as where From fingerprint A From fingerprint B The original angle The assigned angle
Minutiae direction assignment Coding strategy 3: The angle of the combined minutiae depends on both the neighboring minutiae in fingerprint B and the orientation of fingerprint B • For an aligned minutiae position , its angle is assigned as where The assigned angle Minutiae point from fingerprint B
Authentication • Minutiae position extraction • Orientation extraction • Reference points detection • Fingerprint matching
Experimental results • Database: FVC2002 DB2_A. • The VeriFinger 6.3 is used for the minutiae positions extraction and the minutiae matching • We use the first two impressionsin the database, which contain 200 fingerprints from 100 fingers • Two different fingers form a finger pair
Part 1: Evaluating the performance of the proposed system • The 100 fingers are randomly paired to produce a group of 50 non-overlapped finger pairs. • The random pairing process is repeated 10 times to have 10 groups of 50 non-overlapped finger pairs. For each group: • The first impressions of each finger pair are used to produce two combined minutiae templates. 100 templates in total. The corresponding second impressions are matched against the template using our proposed fingerprint matching algorithm.
Part 2: Evaluating the possibility to attack other systems by using the combined minutiae templates • In case the combined minutiae templates are stolen, the attacker can use the combined minutiae templates to attack other systems which store the original minutiae template. How is the successful attack rate? • The combined minutiae templates generated in Part 1 are matched against the corresponding fingerprint A (providing the minutiae position). In total 100*10=1000 matches. • The combined minutiae templates generated in Part 1 are matched against the corresponding fingerprint B (providing the orientation). In total 100*10=1000 matches